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DETAILED ACTION 

1. This is in reply to application filed on October 03, 2003. Claims 1-33 have 
been examined. 

Priority 

2. This application does not claim priority. Therefore, the effective filling data for 
the subject matter defined in the pending claims of this application is 
10/03/2003. 

Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published 
under section 122(b), by another filed in the United States before the invention by 
the applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in 
the United States only if the international application designated the United States 
and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-33 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Talpade et al (hereinafter referred as Talpade)(U.S. Publication No. 2004/0148520) 
(filed on January 29, 2003) 

5. As per independent claims 1. 12 and 23 Talpade discloses a method for 
responding to network intrusions, comprising: [Abstract] ( 

• a) receiving an intrusion detection system (IDS) alert from an IDS 
sensor [Figure 2, ref. Num "234" and "236"/ sensor] located in a network of 
computing resources [figure 2, ref. Num "204", customer network] wherein said IDS 
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alert indicates an unauthorized intrusion upon a remotely located computing 
resource in said network of computing resources; [Abstract] (As explained on the 
abstract, A sensor shown on figure 2, ref. Num "214" and "236" examines the traffic 
entering the remotely located customer network shown on figure 2, ref. Num "204" and 
"206" for attack traffic. When an attack is detected, the sensor notifies an analysis 
engine within the ISP network to mitigate the attack. Therefore the analysis engine as 
shown on figure 2, ref. Num "232" which is also located remotely with respect to the 
customer computing resource network shown on figure 2, ref. Num "204" and "206" is 
notified the IDS alert indicating an unauthorized intrusion/attacks) 

•b) identifying said IDS alert; [See paragraph 0023] (The analysis engine shown 
on figure 2, ref. Num "232" identifies the DDoS attacks /intrusion when receiving a 
DDoS notification /intrusion notification from the sensor located remotely as shown on 
figure 2, ref. Num "234" and "236" ) and 

• c) determining an appropriate response to said IDS alert [For example 

see Abstract, "the analysis engine as appropriate response to said IDS alert/ notification 
for instance, configures a filter router to advertise new routing information"] that is 
identified at a location separate from said remotely located computing resource 

[figure 2 and Abstract] (The computing resources are located in side the customer 
network shown on figure 2, ref. Num "204" and "206", however the Ids alert is identified 
first at the sensor located at the sensor shown on figure 2, ref. Num "234" and "236" 
which is separate from said remotely located computing resource located inside the 
customer network shown on figure 2, ref. Num "204" and "206". Furthermore, the Ids 
alert is also identified at the analysis engine shown on figure 2, ref. Num "232" which is 
also separate from said remotely located computing resource located inside the 
customer network shown on figure 2, ref. Num "204" and "206"] so that said 
determining said appropriate response is unaffected by said unauthorized 
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intrusion (As explained on the abstract, A sensor shown on figure 2, ref. Num "214" 
and "236" examines the traffic entering the remotely located customer network shown 
on figure 2, ref. Num "204" and "206" for attack traffic. When an attack is detected, the 
sensor notifies an analysis engine within the ISP network to mitigate the attack. 
Therefore the analysis engine as shown on figure 2, ref. Num "232" which is also located 
remotely with respect to the customer computing resource network shown on figure 2, 
ref. Num "204" and "206" is notified the IDS alert indicating an unauthorized 
intrusion/attacks and an appropriate response to said unauthorized intrusion is taken 
by the analysis engine such as configuring a filter router or diverting the traffic. 
Therefore such appropriate response is unaffected by said unauthorized intrusion.) ; 
and 

• d) automatically implementing said appropriate response to mitigate 
damage to said network of computing resources from said unauthorized intrusion, 
[paragraph 0024-0027] (See for instance on paragraph 0024, "automatically mitigates 
the attack by configuring one or more filter routers") 

6. As per claims 2, 13 and 24 Talpade discloses a method for responding to 
network intrusions as applied to claims above. Furthermore Talpade discloses the 
method wherein, wherein a) further comprises: al) detecting a suspicious 
intrusion into said computing resource; [Abstract and figure 2 and particularly, 
figure 2, ref. Num "234"/ sensor,] (The computing resources are inside the customer 
network shown on figure 2, ref. Num "204" and "206") 

a2) determining said suspicious intrusion is unauthorized; [Paragraph 0017] 
(Sensor detects an attack) a3) generating said IDS alert; [See, Abstract, notification 
generated by the sensor] and a4) sending said IDS alert to an IDS manager that is 
located remotely from said computing resource within said network of computing 
resources. [Paragraph 0024, "the IDS alert/ notification is sent to the Analysis engine 
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and consequently to the ISP policy manager. Therefore ISP manager located remotely is 
notified and this meets the limitation of sending said IDS alert to an IDS manager that 
is located remotely from said computing resource within said network of computing 
resources.] 

7. As per claims 3. 14 and 25 Talpade discloses a method for responding to 
network intrusions as applied to claims above. Furthermore Talpade discloses the 
method, wherein a2) further comprises: determining said suspicious intrusion is 
unauthorized when said suspicious intrusion matches with at least one of a list of 
unauthorized intrusions. [Figure 2, ref. 248 "filter sensors in side the sensors shown 
on figure 2, ref. Num "234" and "236", filtering inherently contains matching] 

8. As per claims 4-5. 15-16 and 26-27 Talpade discloses a method for 
responding to network intrusions as applied to claims above. Furthermore Talpade 
discloses the method, wherein comprises: detecting said suspicious intrusion at a 
network-based intrusion detection system (NIDS) sensor located within said 
network of computing resources. [See sensor located within said network of 
computing resources shown on figure 2, ref. Num "234" and "236") 

9. As per claims 6, 22 and 28 T alpade discloses a method for responding to 
network intrusions as applied to claims above. Furthermore Talpade discloses the 
method, wherein d) further comprises: dl) interfacing with a power controller that 
controls power to said computing resource to shut power to said computing 
resource. [Paragraph 0027] (Analysis engine 232 also assists in shutting-down DDoS 
attacks at the edge of the ISP network) 

10. As per claims 7-10. 18-21 and 29-32 T alpade discloses a method for 
responding to network intrusions as applied to claims above. Furthermore Talpade 
discloses the method, wherein d) further comprises: dl) interfacing with at least 
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one switch, an associated switch, in said network of computing resources to 
virtually reconfigure said associated switch in order to virtually isolate said 
computing resource from remaining computing resources in said network of 
computing resources. [See Abstract and figure 2 and paragraph 0017] (the new routing 
information instructs the border and edge routers to reroute all DDoS and non-DDoS 
traffic destined to customer network which the attack is detected which virtually isolate 
said customer computing resources from the remaining computing resources until the 
DDoS traffic is removed.) 

1 1. As per claims 11, 17 and 33 Talpade discloses a method for responding to 
network intrusions as applied to claims above. Furthermore Talpade discloses the 
method wherein said network of computing resources comprises a provisional 
data center. [See paragraph 0007, SOHO, Small office customer/ home office customer 
which are located inside the Figure 2, ref. Num "204" and "206" inherently contains 
some kinds of data center.) 

Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO-Form 892). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 
571-272-3806. The examiner can normally be reached on Monday-Friday (8:00 
am— 4: 30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private 
PAIR only. For more information about the PAIR system, see http:/ /pair- 
direct. uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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